The present invention relates to computer systems, and more particularly to securing personal computer systems in a corporate environment.
Today, securing computer systems from theft and unauthorized use is very important to businesses. Of particular concern is the securing of mobile computers, or "laptop" computers. Due to their portability, they are particularly susceptible to theft. Two approaches to this problem have been proposed by INTERNATIONAL BUSINESS MACHINES CORPORATION, the assignee of the present application.
FIG. 1 illustrates a first possible approach to securing mobile computers. In this first approach, the laptop computer 104 has an identification (ID) tag 102, and the possessor 108 of the laptop computer 104 has an ID tag 106 as well. These ID tags 102, 106 are detected via a radio signal when they move through a portal 110. A "portal", as used in this specification, refers to a location through which a possessor 108 in possession of a laptop computer 104 may pass. For example, a corporation may place a portal 110 at possible exits from its office building. When a portal 110 detects the ID tags 102 and 106, it checks if the identified possessor 108 has authority to possess the identified laptop computer 104. If not, then the laptop computer 104 is locked by the portal 110 through a radio signal from the portal 110 to the laptop computer 104. Thus, an unauthorized possessor who transports a laptop computer past a portal will not be able to operate the laptop. However, with this approach, the locking of the laptop computer 104 may be avoided by transporting the computer 104 in a Faraday cage, for example a metal briefcase, or by positioning an antenna in a particular direction such that the computer's ID tag 102 is not seen by the portal 110. The portal 110 thus never detects the transport of the laptop computer 104, and it is never locked.
FIG. 2 illustrates a second possible approach. In this approach, a zone of authorized operation 202 is defined within which the laptop computer 204 is freely operable. The zone of authorized operation 202 will be defined by a radio beacon 206 which continuously emits a radio signal. The laptop computer 204 would be equipped with a radio frequency listening device 208 which can hear the signal from the radio beacon 206. When the laptop computer 204 hears the signal, it is operable. However, when the laptop computer 204 is transported outside the zone 202, it will not hear the signal, at which time it will lock itself. To operate the locked laptop computer 204, a possessor 206 of the laptop computer 204 must enter a valid password. However, this approach is unfriendly to the possessor 206 since the possessor must remember passwords. It is also breakable via social engineering if the passwords are not chosen securely.
Accordingly, what is needed is a system and method for securing computers which is possessor friendly and is more reliable than current possible approaches. The method and system should be easily applied in a corporate environment. The present invention addresses such a need.
The present invention provides a method and system for securing a computer. The method includes providing a zone of authorized operation for the computer; determining if a possessor of the computer is authorized to have possession when the computer and the possessor leave the zone of authorized operation and pass through a portal; and allowing continued access to the computer without requiring a password if the possessor is authorized. The method and system are transparent to the possessor and provide no advantage in hiding the computer from the portal. This method and system may be easily applied in a corporate environment and are particularly apt for securing mobile computer systems.
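The following is an added example, not part of the original specification: a small Python model comparing whether the laptop stays operable under the FIG. 1 approach, the FIG. 2 approach, and the combined method summarized above. The scenario names and the Situation fields are constructed for illustration, and the model assumes that in the combined method every out-of-zone case without a positive portal authorization locks the computer.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Situation:
    in_zone: bool          # laptop hears the zone's radio beacon
    portal_saw_tags: bool  # portal detected both ID tags
    authorized: bool       # possessor is authorized for this laptop
    has_password: bool     # possessor can enter a valid password

def portal_only(s):
    # FIG. 1: the portal locks the laptop only when it detects an
    # unauthorized pairing; an undetected laptop is never locked.
    return not (s.portal_saw_tags and not s.authorized)

def beacon_only(s):
    # FIG. 2: operable inside the zone; outside, a password is required.
    return s.in_zone or s.has_password

def combined(s):
    # Summary: outside the zone, access continues without a password only
    # if the portal determined the possessor is authorized.
    # Assumption: every other out-of-zone case locks (fail closed).
    return s.in_zone or (s.portal_saw_tags and s.authorized)

# Constructed scenarios (not from the page's figures).
SCENARIOS = {
    "inside zone": Situation(True, False, True, False),
    "authorized exit, no password": Situation(False, True, True, False),
    "unauthorized exit via portal": Situation(False, True, False, False),
    "unauthorized, tag hidden from portal": Situation(False, False, False, False),
    "unauthorized, password obtained": Situation(False, True, False, True),
}

def compare():
    """Return {scenario: (portal_only, beacon_only, combined)} operability."""
    return {name: (portal_only(s), beacon_only(s), combined(s))
            for name, s in SCENARIOS.items()}

if __name__ == "__main__":
    for name, r in compare().items():
        print(f"{name:40s} portal={r[0]} beacon={r[1]} combined={r[2]}")
```

In this model only the combined method both keeps the authorized possessor working without a password and locks the computer when its tag is never seen by the portal.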